Re: CVE-2013-6456 Re: [PATCHv2 0/7] lxc: honor mount namespaces

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 24 Dec 2013 06:29:11 -0700
Eric Blake <eblake@xxxxxxxxxx> wrote:

> diff --git i/src/util/virprocess.c w/src/util/virprocess.c
> index c99b75a..e069483 100644
> --- i/src/util/virprocess.c
> +++ w/src/util/virprocess.c
> @@ -879,7 +879,7 @@ virProcessRunInMountNamespace(pid_t pid,
>          goto cleanup;
>      }
> 
> -    if ((cpid = virFork() < 0))
> +    if ((cpid = virFork()) < 0)
>          goto cleanup;
>      if (cpid == 0) {
>          /* child */

Thanks, that solves it. With this extra patch libvirtd writes to the
container's /dev/initctl only and terminates child process only.

Reco

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]